Snmp v3

[benhank]

Hey guys!
Iv'e read this info about snmp but it doesn't say much for setting up snmp V3:

Code: Select all

https://www.elastic.co/guide/en/logstash/2.2/plugins-inputs-snmptrap.html

So my question is how do you set up NLS to receive snmp V3 traps?

[scottwilkerson]

This doesn't appear to be available in any version of the logstash plugin.

[benhank]

SON of a biscuit!

Well, let me ask it this way: If a server is configured with snmp v3 to SEND to the logserver, all the log server needs is to be listening on the correct port :

Code: Select all

tcp {
type => 'snmptrap'
port => 162
}
udp {
type => 'snmptrap'
port => 162
}

to receive the traps right?

[scottwilkerson]

I believe you would need to have the receiver able to decode the v3 traps unfortunately, if someone else has any suggestions I am willing to be wrong on this one

[benhank]

say that gives me an idea.

What if I configure the os itself to receive and decode the traps, and then have the logserver read the traps afterwards?

[scottwilkerson]

Now you're thinking! That should work fine.

[benhank]

excellent!
now can you show me how to do it?
and yes you win the bet that I was gonna ask =D

[scottwilkerson]

This is where is gets a bit tricky, but basically you would setup snmptrapd on the server, then setup logging to a file

see snmptrapd Logging section here
https://support.nagios.com/kb/article.php?id=88

finally, add a file input to your Log Server configuration to pull /var/log/snmptrapd.log along with a filter to parse the traps

[benhank]

Gotcha you can lock it. and thanks!

[scottwilkerson]

Gotcha you can lock it. and thanks!

Locking thread